Fortinet Expands FortiCNAPP Cloud Risk Management with Network, Data, and Unified Risk Context

Rhea-AI Summary

Fortinet (FTNT) announced enhancements to FortiCNAPP on January 27, 2026 that unify network security posture, native Data Security Posture Management (DSPM), and runtime validation into a single cloud-risk workflow.

The update adds network-aware risk scoring that factors FortiGate protection into workload exposure, in-place DSPM for data sensitivity and access visibility without moving data, and runtime-informed prioritization to distinguish theoretical from active risk, aiming to reduce alert noise and speed remediation across hybrid and multi-cloud environments.

Positive

• Adds network-aware risk scoring factoring FortiGate protection
• Built-in DSPM provides in-place data sensitivity and exposure visibility
• Introduces runtime validation to prioritize active, exploitable risks
• Consolidates cloud posture, IEntitlement, vulnerabilities, DSPM, and network context

Negative

• None.

Key Figures

Total revenue: $1,724.9M Product revenue: $559.3M Service revenue: $1,165.6M +5 more

8 metrics

Total revenue $1,724.9M Q3 2025, up from $1,508.1M year ago

Product revenue $559.3M Q3 2025

Service revenue $1,165.6M Q3 2025 security subscription and support

Operating income $547.3M Q3 2025

Net income $473.9M Q3 2025, $0.62 diluted EPS

Cash & equivalents $1,995.7M Q3 2025 balance sheet liquidity

Deferred revenue $6.65B Q3 2025 total deferred revenue

Tool sprawl barrier 70% Organizations citing tool sprawl and visibility gaps as top cloud security barrier

Market Reality Check

Price: $81.71 Vol: Volume 5,619,256 is sligh...

normal vol

$81.71 Last Close

Volume Volume 5,619,256 is slightly below 20‑day average of 6,017,693, suggesting no unusual trading interest ahead of this product news. normal

Technical Shares at 83.07 are trading below the 200-day MA of 89.9 and about 27.65% under the 52-week high of 114.82.

Peers on Argus

FTNT gained 1.75% while key peer Cloudflare (NET) appeared in momentum scanners ...

1 Up

FTNT gained 1.75% while key peer Cloudflare (NET) appeared in momentum scanners with a stronger ~12.56% upside move. Other peers such as ZS, SNPS, and PANW showed smaller positive moves, and one peer declined, indicating this announcement reflects company-specific positioning rather than a uniform sector rotation.

Common Catalyst Peer headlines from ZS focused on AI security, while this release centers on expanded cloud risk and posture management.

Historical Context

5 past events · Latest: Jan 14 (Positive)

Pattern 5 events

Date	Event	Sentiment	Move	Catalyst
Jan 14	WEF participation	Positive	-2.5%	Announced cyber leadership role and panel participation at World Economic Forum 2026.
Jan 05	Earnings date notice	Neutral	+0.1%	Set date and access details for Q4 and full-year 2025 earnings release and call.
Dec 17	AI data center solution	Positive	-3.8%	Launched joint Secure AI Data Center blueprint with Arista deployed at MPS.
Dec 16	NVIDIA integration	Positive	+1.2%	Integrated FortiGate VM with NVIDIA BlueField-3 DPUs to embed security in fabric.
Dec 02	Skills gap report	Positive	+1.4%	Published 2025 skills gap report and pledged to train 1 million cybersecurity workers.

Pattern Detected

Recent Fortinet news often drew mixed reactions: several positive cybersecurity and AI partnership updates were followed by both gains and selloffs, suggesting investors do not consistently reward product and thought-leadership announcements.

Recent Company History

Over the past few months, Fortinet has highlighted strategic presence at the World Economic Forum (Jan 19–23, 2026), upcoming Q4 and full-year 2025 results, and multiple AI-related infrastructure partnerships with Arista Networks and NVIDIA. It also released a major Global Cybersecurity Skills Gap Report. Those events produced both positive and negative single-day moves, even on seemingly strong AI and security milestones. Today’s FortiCNAPP cloud risk management enhancements extend that narrative of broadening the platform across AI, data center, and cloud risk domains.

Market Pulse Summary

This announcement expands FortiCNAPP by unifying network enforcement, data sensitivity, and runtime ...

Analysis

This announcement expands FortiCNAPP by unifying network enforcement, data sensitivity, and runtime context to prioritize real-world cloud risk. It complements recent AI and infrastructure initiatives and arrives while FTNT trades below its 200-day MA and about 27.65% under its 52-week high. Investors monitoring this story may focus on adoption metrics for FortiCNAPP, trends in recurring service revenue above $1,165.6M per quarter, and how effectively integrated risk views help differentiate Fortinet in cloud security.

Key Terms

cnapp, data security posture management, runtime validation, runtime behavior

4 terms

cnapp technical

"beyond what is possible with many CNAPP solutions today."

A CNAPP (cloud-native application protection platform) is a software suite that protects applications built to run in the cloud by combining tools for finding vulnerabilities, stopping attacks, and enforcing safety rules across the whole development and runtime lifecycle. For investors, CNAPPs matter because they reduce the risk of costly data breaches, service outages and regulatory fines—similar to an integrated alarm, lock and insurance policy for a business’s online operations—helping safeguard revenue and reputation.

data security posture management technical

"native Data Security Posture Management, and runtime validation to help security"

Data security posture management is an ongoing process that finds, tracks and fixes where sensitive information lives and how well it is protected across an organization’s systems. Think of it as a security checklist for a house—locking doors, checking windows and noting fragile items—so investors can judge how well a company reduces the risk of costly breaches, regulatory fines, or operational interruptions that can hurt revenue and reputation.

runtime validation technical

"native Data Security Posture Management, and runtime validation to help security"

Runtime validation is the process of checking data, inputs and operations while software is running to confirm they meet expected rules and formats, and to catch errors or unexpected states in real time. Think of it like a bouncer checking IDs at the door: it helps prevent bad data, software crashes, incorrect trades or compliance breaches, reducing operational risk, downtime and potential financial or regulatory losses for investors.

runtime behavior technical

"data sensitivity, and runtime behavior in a single workflow, FortiCNAPP enables"

Runtime behavior describes how a software program, algorithm, or automated system actually acts while it is running — what inputs it takes, the decisions it makes, the outputs it produces, and how it responds to errors or unexpected conditions. For investors, runtime behavior matters because it determines reliability, performance and risk exposure of technology-driven products or services — like how a navigation system steers a car in traffic, rather than how the map was drawn.

AI-generated analysis. Not financial advice.

New enhancements integrate network security posture, native Data Security Posture Management, and runtime validation to help security teams prioritize real-world cloud risk

SUNNYVALE, Calif., Jan. 27, 2026 (GLOBE NEWSWIRE) -- Fortinet^®, the global cybersecurity leader driving the convergence of networking and security, today announced new enhancements to FortiCNAPP that help organizations better understand and prioritize cloud risk beyond what is possible with many CNAPP solutions today. By correlating cloud configuration, identity exposure, vulnerabilities, network enforcement, data sensitivity, and runtime behavior in a single workflow, FortiCNAPP enables security teams to focus on the risks that matter most.

“Cloud security teams aren’t struggling because they lack data. They’re struggling because growing complexity, limited resources, and skills gaps make it harder to manage risk across cloud environments,” said Nirav Shah, Senior Vice President, Products and Solutions at Fortinet. “By unifying network enforcement, data sensitivity, and runtime validation within FortiCNAPP, we’re enabling customers move from alert overload to clear, prioritized action based real-world exposure and business impact.”

As organizations expand across hybrid and multi-cloud environments, security teams are often forced to piece together risk signals from disconnected tools, resulting in fragmented visibility and slower response. According to the Fortinet 2026 Cloud Security Report, nearly 70% of organizations cite tool sprawl and visibility gaps as the top barriers to effective cloud security. FortiCNAPP addresses this challenge by adding protection where it matters most for cloud security teams—across the network, data, and runtime layers of cloud environments.

Factoring Network Security Posture into Cloud Workload Risk
FortiCNAPP incorporates network-level protection context directly into risk evaluation, providing a more accurate picture of real exposure that many CNAPP solutions lack.

• Network-aware risk scoring: FortiCNAPP detects FortiGate solutions deployed along the internet-accessible path to cloud workloads and incorporates that protection directly into workload risk assessments, ensuring exposure is evaluated in the context of existing network enforcement.
• Reduced false urgency: Persistent protection context provides a more realistic view of risk and enables security and network teams to operate from a shared, consistent understanding of exposure.

Native Data Security Posture Management (DSPM) Adds Data Risk Context
FortiCNAPP enhances risk prioritization by directly incorporating data sensitivity and exposure, without requiring customers to move or export their data.

• In-place data risk visibility: Built-in DSPM identifies sensitive data, access patterns, and potential malware, while supporting privacy and data governance requirements.
• Business impact-driven prioritization: Risks affecting sensitive data are automatically elevated, helping teams focus remediation efforts on issues with the greatest potential impact.

Bringing Risk Signals together into a Unified Workflow
FortiCNAPP simplifies cloud risk operations by consolidating often siloed security signals into a single, actionable workflow.

• Unified risk management: Insights from cloud posture, infrastructure entitlement, vulnerabilities, DSPM, and network security posture into a single view.
• Runtime-informed prioritization: Validation of vulnerable code paths helps teams distinguish theoretical findings from active, exploitable risk.
• Faster remediation: Correlated context around configuration issues, identity exposure, vulnerabilities, network reachability, data sensitivity, and runtime behavior enables faster response with fewer tools.
  

Enabling More Context-Driven Cloud Security Operations
As cloud environments grow more complex, effective risk management requires understanding not just what is misconfigured or vulnerable, but whether protections are in place, what data is involved and the likelihood of real-world impact. With these enhancements, FortiCNAPP helps organizations reduce noise, improve decision-making, and align security efforts with actual exposure and available resources.

How Organizations Are Prioritizing Real-World Cloud Risk
Organizations are using FortiCNAPP to simplify cloud security operations and gain clearer visibility into risk across complex cloud environments by unifying network, data, and runtime context within a single platform.

“FortiCNAPP gives us visibility across identities, workloads, and vulnerabilities so we know exactly where risk exists and how to address it,” said Huy Ly, Head of Global IT Security & Infrastructure at Monolithic Power Systems. “It acts like a continuous auditor, helping us assess the health of our cloud environment at a glance, even without deep, hands-on cloud expertise. Combined with the Fortinet Security Fabric, FortiCNAPP helps us proactively reduce risk across our cloud operations.”

Additional Resources

• Read more about FortiCNAPP.
• Read more about the Fortinet Security Fabric. 
• Learn more about the Fortinet Open Ecosystem.
• Visit fortinet.com/trust to learn about Fortinet innovation, collaboration partners, product security processes, and enterprise-grade products.  
• Read about how Fortinet customers are securing their organizations. 
• Learn about Fortinet’s commitment to product security and integrity, including its responsible product development and vulnerability disclosure approach and policies.
• Follow Fortinet on X, LinkedIn, Facebook, and Instagram. Subscribe to Fortinet on our blog or YouTube.
  
  

About Fortinet
Fortinet (NASDAQ: FTNT) is a driving force in the evolution of cybersecurity and the convergence of networking and security. Our mission is to secure people, devices, and data everywhere, and today we deliver cybersecurity everywhere you need it with the largest integrated portfolio of over 50 enterprise-grade products. Well over half a million customers trust Fortinet's solutions, which are among the most deployed, most patented, and most validated in the industry. The Fortinet Training Institute, one of the largest and broadest training programs in the industry, is dedicated to making cybersecurity training and new career opportunities available to everyone. Collaboration with esteemed organizations from both the public and private sectors, including CERTs, government entities, and academia, is a fundamental aspect of Fortinet’s commitment to enhance cyber resilience globally. FortiGuard Labs, Fortinet’s elite threat intelligence and research organization, develops and utilizes leading-edge machine learning and AI technologies to provide customers with timely and consistently top-rated protection and actionable threat intelligence. Learn more at https://www.fortinet.com, the Fortinet Blog, and FortiGuard Labs.

Copyright © 2026 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and common law trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet’s trademarks include, but are not limited to, the following: Fortinet, the Fortinet logo, FortiGate, FortiOS, FortiGuard, FortiCare, FortiAnalyzer, FortiManager, FortiASIC, FortiClient, FortiCloud, FortiMail, FortiSandbox, FortiADC, FortiAI, FortiAIOps, FortiAgent, FortiAntenna, FortiAP, FortiAPCam, FortiAuthenticator, FortiCache, FortiCall, FortiCam, FortiCamera, FortiCarrier, FortiCASB, FortiCentral, FortiCNP, FortiConnect, FortiController, FortiConverter, FortiCSPM, FortiCWP, FortiDAST, FortiDB, FortiDDoS, FortiDeceptor, FortiDeploy, FortiDevSec, FortiDLP, FortiEdge, FortiEDR, FortiExplorer, FortiExtender, FortiFirewall, FortiFlex FortiFone, FortiGSLB, FortiGuest, FortiHypervisor, FortiInsight, FortiIsolator, FortiLAN, FortiLink, FortiMonitor, FortiNAC, FortiNDR, FortiPAM, FortiPenTest, FortiPhish, FortiPoint, FortiPolicy, FortiPortal, FortiPresence, FortiProxy, FortiRecon, FortiRecorder, FortiSASE, FortiScanner, FortiSDNConnector, FortiSIEM, FortiSMS, FortiSOAR, FortiSRA, FortiStack, FortiSwitch, FortiTester, FortiToken, FortiTrust, FortiVoice, FortiWAN, FortiWeb, FortiWiFi, FortiWLC, FortiWLM, FortiXDR and Lacework FortiCNAPP.

Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, contract, binding specification or other binding commitment by Fortinet or any indication of intent related to a binding commitment, and performance and other specification information herein may be unique to certain environments.

Travis Anderson
Fortinet, Inc.
408-235-7700
pr@fortinet.com

Anthony Luscri
Fortinet, Inc.
408-235-7700
investors@fortinet.com

Sarah Goodwin
Fortinet, Inc.
408-832-1428
sgoodwin@fortinet.com

FAQ

What did Fortinet (FTNT) announce on January 27, 2026 about FortiCNAPP?

Fortinet announced enhancements that add network-aware risk scoring, native DSPM, and runtime validation to FortiCNAPP to better prioritize cloud risk.

How does FortiCNAPP's network-aware risk scoring affect FTNT customers?

It factors detected FortiGate protections into workload risk scores so exposure is evaluated in the context of existing network enforcement.

Does FortiCNAPP require moving data to provide data sensitivity insights for FTNT users?

No; the update includes in-place DSPM that identifies sensitive data and access patterns without requiring data export or movement.

How does runtime-informed prioritization change cloud risk handling for FTNT customers?

Runtime validation helps distinguish theoretical vulnerabilities from active, exploitable issues so teams can focus on real-world risk first.

Will the FortiCNAPP enhancements reduce alert fatigue for FTNT customers?

Yes; by correlating network, data, identity, vulnerability, and runtime signals into one workflow, FortiCNAPP aims to reduce noise and improve prioritization.

Where does FortiCNAPP place risks that affect sensitive data in prioritization for FTNT customers?

Risks impacting sensitive data are automatically elevated to reflect greater business impact and remediation priority.